Tuesday, May 17, 2016

Public Key Infrastructure and Blockchain

When two hosts want to transfer
sensitive data between them, they use an encrypted communication.
Both the hosts first connect to each other, authenticate themselves
and after that an encrypted connection is established, using which
sensitive data are transferred.

If a host wants to authenticate itself
to the other host, it needs to prove its identity. Normally, public
key cryptography is used for that purpose. Each host possesses a
private-public key pair. And, to establish an encrypted connection,
they share their public keys to each other.

But, one has to confirm that the shared
public key indeed belongs to the sender. Public Key Infrastructure or
PKI is an arrangement which is used for that purpose. It binds public
keys with corresponding identities through registration and issuance
of certificates and using centralized authority called Certificate
Authority or CA. PKI consists of set of roles, policies and
procedures to create, manage, distribute or revoke digital
certificates.

Certification using Public Key
Infrastructure

PKI consists of the following
components :

Certificate Authority

Registration Authority

Central Directory

Certificate Management System

Certificate Policy

Certificate Authority

A Certificate Authority issues a
digital certificate to an entity. The issued digital certificate is
signed with the private key of the CA, so that it is not tampered
with. When a host gets a digital certificate of another host, it
checks with the corresponding CA to make sure it is an authentic one.

Registration Authority

When an entity requests for a digital
certificate, the Registration Authority verifies the identity of the
entity to make sure the digital certificate is not misissued.

Central Directory

A Central Directory is a central
location where public keys are stored and indexed, so that they can
be retrieved at the time of verification of digital certificates.

Certificate Management System

A Certificate Management System manages
access to stored certificates and the delivery of the certificates to
be issued.

Certificate Policy

It consists of policies of digital
certificates.

Blockchain in Decentralized Public
Key Infrastructure

There are several disadvantages of
relying on a centralized authority in a PKI. A digital certificate
can be misissued by a CA for a number of reasons and when that
happens, security gets heavily compromised.

To counter the disadvantages of using a
centralized authority, a Decentralized Public Key Infrastructure can
be used with Blockchain.

What is a Blockchain ?

A
blockchain is a distributed database that maintains a
continuously growing list of data records that cannot be tampered.

The
blockchain was the main technical innovation behind Bitcoin. There a
blockchain is used as a public ledger of all transactions made with
Bitcoins.

A
blockchain consists of a number of blocks that are linked with each
other with each block linked with its previous block. And, each block
consists of a batch of timestamped transactions and a hash of
previous block. As the blocks are linked with each other forming a
chain, hence the name of the database.

When
new transactions are broadcast to all nodes, each node collect the
transactions in a block. All the nodes verify the transactions
present in the block and notify one another about their acceptance.
When the majority of the nodes agree, the next block is created,
linking it with the previous one.

How can a Blockchain be used in a Decentralized Public Key Infrastructure ?

Blockchain
can be used in a Decentralized PKI where each block may contain a
number of digitally signed transactions. When an entity is registered
with a public key, it can sign it with its secret key and submit it
to the blockchain. All the nodes in the blockchain can participate in
registration, issuance and validation of a public key of an entity.
And, when most of the nodes in the blockchain approves a transaction,
it can get added in the next block created.

Registration
of a Public Key

When
an entity wants to register its public key, it signs the key with its
secret key and submits it to the blockchain. All the nodes of the
blockchain are notified. Each of them then iterates through the
blockchain and verifies the key is not previously registered and the
transaction is valid. When a majority of the nodes verifies the
transaction successfully, it is approved and a blockminer can then
add it to the next block created.

Verification
of a Public Key

When
a user wants to verify whether a public key belongs to the identity,
it traverses through the blockchain and looks up for id and public
key pair of each transaction. As each transaction is digitally signed
and registered after successful verification, it is very difficult to
tamper with a public key of an entity and thus, it ensures security.

Update
of a Public Key

When
an entity wants to update its public key, it submits its id and the
old key and the new key to the blockchain. All the nodes of the
blockchain verifies that the old public key corresponds to the entity
and notifies their approval. When the majority of the nodes approve,
a new block is created with the updated value of the public key.

This article gives just an overview on
Public Key Infrastructure and how blockchain can be used in a
Decentralized Public Key Infrastructure. Hope you liked it.

If I understand the question right, then the question is whether I can sign someone else's public key with my secret key and submit it to the blockchain. Please note that, public key and a corresponding private key form a keypair. So, if I sign a someone else's public key with my secret key, then the encrypted key cannot be decrypted with someone else's public key. It would need my public key only. And, if someone decrypts it with my public key, he would know the public key that he has used in the decryption and the decrypted public key that he has got does not match.